Author: coheigea Date: Wed Feb 27 22:58:31 2013 New Revision: 1451017 URL: http://svn.apache.org/r1451017 Log: Merged revisions 1451006 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........ r1451006 | coheigea | 2013-02-27 14:30:25 -0800 (Wed, 27 Feb 2013) | 18 lines Merged revisions 1451001 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes ........ r1451001 | coheigea | 2013-02-27 14:18:52 -0800 (Wed, 27 Feb 2013) | 10 lines Merged revisions 1450977 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1450977 | coheigea | 2013-02-27 13:36:06 -0800 (Wed, 27 Feb 2013) | 2 lines Adding ability to configure UsernameToken TTL ........ ........ ........ Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1451017&r1=1451016&r2=1451017&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Wed Feb 27 22:58:31 2013
@@ -201,6 +201,19 @@ public final class SecurityConstants {
 public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive";
 
 /**
+ * The time in seconds to append to the Creation value of an incoming UsernameToken to determine
+ * whether to accept the UsernameToken as valid or not. The default value is 300 seconds (5 minutes).
+ */
+ public static final String USERNAMETOKEN_TTL = "ws-security.usernametoken.timeToLive";
+
+ /**
+ * The time in seconds in the future within which the Created time of an incoming
+ * UsernameToken is valid. The default value is "60", to avoid problems where clocks are
+ * slightly askew. To reject all future-created UsernameTokens, set this value to "0".
+ */
+ public static final String USERNAMETOKEN_FUTURE_TTL = "ws-security.usernametoken.futureTimeToLive";
+
+ /**
 * The attribute URI of the SAML AttributeStatement where the role information is stored.
 * The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
 */
Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1451017&r1=1451016&r2=1451017&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Wed Feb 27 22:58:31 2013
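Review bot: The Javadoc added in SecurityConstants for `USERNAMETOKEN_TTL` and `USERNAMETOKEN_FUTURE_TTL` does not say what type the value must have, nor what the two windows mean for token freshness. The interceptor change in this same commit reads both properties with a `(String)` cast, so each comment should state that the value is a String holding a non-negative whole number of seconds, for example `* The value must be a String containing a non-negative number of seconds.` One more sentence should note that raising either value lengthens the period during which a captured UsernameToken carrying a Created element is still accepted. The quoted defaults (300 and "60") are not set anywhere in the visible lines and presumably come from WSS4J; naming that source in the comment would tell readers where to check them.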
@@ -173,6 +173,18 @@ public abstract class AbstractWSS4JInter
 if (ttl != null) {
 msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl);
 }
+
+ String utFutureTTL =
+ (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
+ if (utFutureTTL != null) {
+ msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL);
+ }
+ String utTTL =
+ (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);
+ if (utTTL != null) {
+ msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL);
+ }
+
 String certConstraints =
 (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
 if (certConstraints != null) {
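Review bot: Both new lookups cast the contextual property straight to `String`, so a TTL configured programmatically as an `Integer` or `Long` fails with a ClassCastException while a message is being processed, and a negative or non-numeric string is handed to WSS4J unchecked. These two values bound how old, or how far in the future, an accepted UsernameToken may be, so a mistyped setting should be rejected here with a clear configuration error rather than left to whatever fallback the downstream handler applies (that handling is not visible in this hunk). The sketch below reads the property as `Object`, normalises it to a decimal string and rejects anything that is not a non-negative integer; the exception type is a placeholder for the project's usual configuration fault. The enclosing method starts and ends outside the hunk, and the timestamp TTL context lines above appear to follow the same unchecked pattern.

```java
// … unchanged: timestamp TTL handling …
String utFutureTTL = ttlSeconds(
    msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL),
    SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
if (utFutureTTL != null) {
    msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL);
}
String utTTL = ttlSeconds(
    msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL),
    SecurityConstants.USERNAMETOKEN_TTL);
if (utTTL != null) {
    msg.setContextualProperty(WSHandlerConstants.TTL_USERNAMETOKEN, utTTL);
}
// … unchanged: certConstraints handling …

/** Normalises a TTL setting to a decimal string; rejects negative or non-numeric values. */
private static String ttlSeconds(Object value, String key) {
    if (value == null) {
        return null;
    }
    String text = value.toString().trim();
    try {
        if (Integer.parseInt(text) < 0) {
            throw new IllegalArgumentException(key + " must not be negative: " + text);
        }
    } catch (NumberFormatException ex) {
        throw new IllegalArgumentException(key + " must be a whole number of seconds: " + text, ex);
    }
    return text;
}
```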
